--- /dev/null
+@@
+expression E;
+@@
+
+-safe_memset(buffer_get_modifiable_data(E, NULL), 0, E->used);
+-buffer_set_used_size(E, 0);
++buffer_clear_safe(E);
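Review bot: The rule only matches when the `safe_memset` call and the `buffer_set_used_size` call name the same buffer `E`, so it cannot have produced every replacement in this commit. The hunks that previously had only `buffer_set_used_size(x, 0)`, and the one that zeroed `tmp` but truncated `key`, look like hand edits. A header comment in the script would make that limit visible to whoever re-runs it, for example `// Collapse zero-then-truncate on one buffer into buffer_clear_safe(); mismatched buffers need manual review.`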
dcrypt_openssl_ctx_sym_destroy(&dctx);
*point_r = BN_bin2bn(tmp->data, tmp->used, NULL);
- safe_memset(buffer_get_modifiable_data(tmp, NULL), 0,tmp->used);
- buffer_set_used_size(key, 0);
+ buffer_clear_safe(key);
if (*point_r == NULL)
return dcrypt_openssl_error(error_r);
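Review bot: `tmp` is no longer zeroed after `*point_r = BN_bin2bn(tmp->data, tmp->used, NULL);`, because the removed lines wiped `tmp` and truncated `key`, while the replacement `buffer_clear_safe(key);` touches only `key`. Since `tmp` is what feeds the bignum, it presumably holds the decrypted point, and those bytes now stay in memory until the buffer is reused or released. Adding `buffer_clear_safe(tmp);` next to the `key` call would keep the old wipe. The same pair of lines appears again at the second `BN_bin2bn(tmp->data, ...)` site further down the page and needs the same fix. The enclosing function starts and ends outside the hunk.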
/* run it thru SHA256 once */
unsigned char digest[SHA256_DIGEST_LENGTH];
SHA256(secret->data, secret->used, digest);
- safe_memset(buffer_get_modifiable_data(secret, NULL), 0, secret->used);
- buffer_set_used_size(secret, 0);
+ buffer_clear_safe(secret);
buffer_create_from_const_data(&key, digest, SHA256_DIGEST_LENGTH);
/* then use this as key */
peer_key = t_buffer_create(strlen(input[8])/2);
secret = t_buffer_create(128);
- buffer_set_used_size(data, 0);
+ buffer_clear_safe(data);
hex_to_binary(input[4], salt);
hex_to_binary(input[8], peer_key);
hex_to_binary(input[7], data);
RSA_free(rsa);
return dcrypt_openssl_error(error_r);
}
- safe_memset(buffer_get_modifiable_data(key_data, NULL),
- 0, key_data->used);
- buffer_set_used_size(key_data, 0);
+ buffer_clear_safe(key_data);
EVP_PKEY *pkey = EVP_PKEY_new();
if (pkey == NULL) {
RSA_free(rsa);
return dcrypt_openssl_error(error_r);
}
EC_KEY *eckey = EC_KEY_new_by_curve_name(nid);
- safe_memset(buffer_get_modifiable_data(key_data, NULL),
- 0, key_data->used);
- buffer_set_used_size(key_data, 0);
+ buffer_clear_safe(key_data);
BN_CTX *bnctx = BN_CTX_new();
if (eckey == NULL || bnctx == NULL) {
BN_free(point);
peer_key->data, peer_key->used);
str_append_c(destination, ':');
- buffer_set_used_size(peer_key, 0);
+ buffer_clear_safe(peer_key);
if (!dcrypt_openssl_public_key_id(enc_key, "sha256",
peer_key, error_r))
return FALSE;
/* append public key id */
str_append_c(destination, ':');
- buffer_set_used_size(buf, 0);
+ buffer_clear_safe(buf);
bool res = dcrypt_openssl_private_key_id(key, "sha256", buf, error_r);
binary_to_hex_append(destination, buf->data, buf->used);
dcrypt_openssl_ctx_sym_destroy(&dctx);
*point_r = BN_bin2bn(tmp->data, tmp->used, NULL);
- safe_memset(buffer_get_modifiable_data(tmp, NULL), 0, tmp->used);
- buffer_set_used_size(key, 0);
+ buffer_clear_safe(key);
if (*point_r == NULL)
return dcrypt_openssl_error(error_r);
/* run it thru SHA256 once */
unsigned char digest[SHA256_DIGEST_LENGTH];
SHA256(secret->data, secret->used, digest);
- safe_memset(buffer_get_modifiable_data(secret, NULL), 0, secret->used);
- buffer_set_used_size(secret, 0);
+ buffer_clear_safe(secret);
buffer_create_from_const_data(&key, digest, SHA256_DIGEST_LENGTH);
/* then use this as key */
peer_key = t_buffer_create(strlen(input[8])/2);
secret = t_buffer_create(128);
- buffer_set_used_size(data, 0);
+ buffer_clear_safe(data);
hex_to_binary(input[4], salt);
hex_to_binary(input[8], peer_key);
hex_to_binary(input[7], data);
peer_key->data, peer_key->used);
str_append_c(destination, ':');
- buffer_set_used_size(peer_key, 0);
+ buffer_clear_safe(peer_key);
if (!dcrypt_openssl_public_key_id(enc_key, "sha256",
peer_key, error_r))
return FALSE;
/* append public key id */
str_append_c(destination, ':');
- buffer_set_used_size(buf, 0);
+ buffer_clear_safe(buf);
bool res = dcrypt_openssl_private_key_id(key, "sha256", buf, error_r);
binary_to_hex_append(destination, buf->data, buf->used);
if (len_s < len_r)
buffer_append_c(new_sig, 0x0);
buffer_append(new_sig, data + offset_s, len_s);
- buffer_set_used_size(signature_r, 0);
+ buffer_clear_safe(signature_r);
buffer_append_buf(signature_r, new_sig, 0, new_sig->used);
}
sk_ASN1_TYPE_unshift(seq, t_s);
unsigned char *ptr = NULL;
len = i2d_ASN1_SEQUENCE_ANY(seq, &ptr);
- buffer_set_used_size(signature_r, 0);
+ buffer_clear_safe(signature_r);
buffer_append(signature_r, ptr, len);
OPENSSL_free(ptr);
sk_ASN1_TYPE_free(seq);
stream->use_mac = FALSE;
}
/* destroy private key data */
- safe_memset(buffer_get_modifiable_data(keydata, 0), 0, keydata->used);
- buffer_set_used_size(keydata, 0);
+ buffer_clear_safe(keydata);
return failed ? -1 : 1;
}
continue;
} else {
/* clean up buffer */
- safe_memset(buffer_get_modifiable_data(dstream->buf, 0),
- 0, dstream->buf->used);
- buffer_set_used_size(dstream->buf, 0);
+ buffer_clear_safe(dstream->buf);
i_stream_skip(stream->parent, hret);
}
size_t bl, off = 0, len = iov[i].iov_len;
const unsigned char *ptr = iov[i].iov_base;
while(len > 0) {
- buffer_set_used_size(&buf, 0);
+ buffer_clear_safe(&buf);
/* update can emite twice the size of input */
bl = I_MIN(sizeof(ciphertext)/2, len);
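Review bot: `buffer_clear_safe(&buf);` at the top of the `while(len > 0)` loop now zeroes the buffer on every pass, where the old code only reset its length. Judging by `sizeof(ciphertext)` on the following line, `buf` appears to hold cipher output rather than key material, so the wipe adds a memset per block without protecting a secret. If that reading is right, keep `buffer_set_used_size(&buf, 0);` here. If the clear is intentional, say so with a comment such as `/* ciphertext only; cleared for consistency, not secrecy */`. The loop body continues outside the hunk.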
}
/* write last mac bytes */
- buffer_set_used_size(buf, 0);
+ buffer_clear_safe(buf);
if ((estream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) ==
IO_STREAM_ENC_INTEGRITY_HMAC) {
if (!dcrypt_ctx_hmac_final(estream->ctx_mac, buf, &error)) {